Bank Solutions Security Risk Paper


Introduction
The purpose of this paper is to identify the requirements needed to potentially control the security threats that face Bank Solutions. There are several issues that exist even though there are current policies and procedures in place. It is essential for Bank Solutions to understand and properly implement security controls and configurations to better determine the risks that threaten the bank and its assets, and stay in compliance with the regulations and laws that govern the IT industry. There is a need for improvement since Bank Solutions is a bank that handles customer information. It is important that Bank Solutions be in compliance with government regulations. The NIST Special Publication 800-53 Revision 4 has been used …

Systems that are outdated or running untested updates are easy targets for denial-of-service (DoS) and zero-day attacks. This is a big threat to the entire bank system, and it is a vulnerability that may lead to a serious breach or incident.
Testing of the system is not well conducted: the data center DRBCP was last tested in 2007, according to Douglas, who is the Chief Information Officer for Bank Solutions. It is of no value to have a plan in place with no current testing. The DRBCP should be tested quarterly, semi-annually, and annually to ensure its readiness in case of a disaster.
The distribution plan is not available to all key plan participants, and the customization is not completed. It is important for all participants to have access to and knowledge of the DRBCP. The bank should ensure complete customization to avoid errors and confusion with the employees and …

This is a very sensitive area that needs attention. In case of disaster, there should be well-defined procedures for handling and preserving evidence. Bank Solutions should be able and ready to establish a chain of custody for the evidence, to ensure proper storage and integrity of that evidence and to help in the investigation.
The review noted that several of the same power users whose actions are recorded in event logs also have write access to the logs themselves. Administrative rights on computers should be securely set, and a least privilege policy should be put in place. This ensures that authorized users are given only the access and authority needed to complete their given tasks, eliminating unauthorized access to, or changes to, data.
Throughout the review there was no indication that Bank Solutions had encryption for stored or transmitted data. This means that all data is transmitted in clear text that can easily be compromised if it gets into the wrong hands. To ensure integrity and confidentiality of stored or backed up information, the bank has to introduce means and ways of
